Cryptographic Flaws Exploited

Mi'kail Eli'yah

·

Follow

47 min read

·

Sep 26, 2021

--

Share

“Does it matter?” Yes. We’re tired of branded vulnerabilities. — Anonymous

“””
Me (after explaining KRACK and ROCA): Why do they do that (coin extraneous ‘cute’ inflated names and make things exceedingly lengthy)?

C. Hitchcock: People have ‘Rockstar Complex’, they like to complicate things give silly acronyms and pat themselves on the back.
— 2017–10.19
“””

1. BEAST
2. CRIME (related: BREACH)
3. Deja Vu
4. DROWN
5. Dual EC PRNG
6. DUHK
7. FREAK
8. KRACK
9. Logjam
10. Padding Oracles
     10.1. Lucky13
     10.2. POODLE
     10.3. ROBOT (related: Triple handshake attack)
11. Sweet32
12. ROCA
13. Length Extension Attacks
14. Broken Randomness
15. Mathematical Logic Injection
     15.1. Psychic SignaturesReflections On Cryptographic Flaws ExploitedRefer: Acronyms And Terminologies UsedTimeline
• BEAST        CBC predictable IVs             [Sep’11]
• CRIME        Compression before Encryption   [Sep’12]
• RC4          Keystream biases                [Mar’13]
• Lucky 13     MAC-Encode-Encrypt CBC          [May’13]
• HeartBleed   Memory safety bug               [Apr’14]
• 3Shake       Insecure resumption             [Apr’14]
• POODLE       SSLv3 MAC-Encode-Encrypt        [Dec’14]
• SMACK        State machine attacks           [Jan’15]
• FREAK        Export-grade…